
Where to start / infected xp machine


This topic is locked
37 replies to this topic

#1 Inset irises

Inset irises

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:41 AM

Posted 11 July 2013 - 09:15 PM

I am unable to view my folders and my Accessories folder is missing from my Start menu. Windows Security is not working, and I cannot connect to the web.
Presuming the Urausy Trojan and Java exploit are still affecting the system.

Mod Edit: Moved topic from Introductions, to a more appropriate forum. ~bloopie

Edited by bloopie, 11 July 2013 - 10:24 PM.



#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:41 PM

Posted 12 July 2013 - 04:05 AM

Presuming the Urausy Trojan and Java exploit are still affecting the system.

From what you say, this computer was infected earlier.

Please list the steps you took, and did you get help from any others, or just self help -

 

Thank You -



#3 Inset irises


Posted 12 July 2013 - 09:49 AM

 Results of screen317's Security Check version 0.99.50  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 AVG 2012     
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.62.0.1300  
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 7  
 Adobe Flash Player     11.3.300.271  
 Adobe Reader X (10.1.4)
 Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````
 

Found a quarantined Urausy virus, and a Trojan with Emsisoft. Restarted after deleting. Still cannot access things like System Restore from the Start menu, and cannot see files. Running Windows XP.


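The Security Check report pasted above has a fixed layout: backtick-delimited section headers, one entry per line, and problems flagged with an exclamation mark (here, the Security Center warning). The following parser is an added example and is not part of the thread or of Security Check itself; the sample log is constructed from the report in this post.

```python
"""Parse a screen317 Security Check log into sections and pull out its warnings.

Added example, not code from the thread or from Security Check.
SAMPLE_LOG is constructed from the report pasted in post #3.
"""
import re

SAMPLE_LOG = """\
 Results of screen317's Security Check version 0.99.50
 Windows XP Service Pack 3 x86
 Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 AVG 2012
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.62.0.1300
 Java 7 Update 7
 Adobe Flash Player     11.3.300.271
````````Process Check: objlist.exe by Laurent````````
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````
"""

# A section header is a run of backticks, the title, and another run of backticks.
HEADER_RE = re.compile(r"^`+\s*(.*?)\s*`+$")


def parse_security_check(text):
    """Return {section: [entry, ...]}; lines before the first header go under 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            if current == "End of Log":  # nothing of interest follows the trailer
                break
            sections[current] = []
            continue
        # Collapse the column padding Security Check uses between name and version.
        sections[current].append(re.sub(r"\s{2,}", " ", line))
    return sections


def find_warnings(sections):
    """Security Check marks problems with '!'; return (section, entry) pairs."""
    return [(name, entry) for name, entries in sections.items()
            for entry in entries if "!" in entry]
```

On this log the only warning is the Security Center one, which is exactly why the report cannot be trusted to have seen every product.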

#4 Inset irises


Posted 12 July 2013 - 10:00 AM

Self help from bleeping computer archives.



#5 noknojon


Posted 12 July 2013 - 05:21 PM

This seems to be a version of the USA Urausy Ransomware infection
Please wait for further help from an Expert on the problem.

 

Thank You -
 



#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:41 AM

Posted 13 July 2013 - 08:33 AM

Hello Inset irises, and welcome to BC! :)

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

I have moved this topic to the Malware Removal Logs forum where it will stay.

A few things to keep in mind while we are working together:
  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
==========

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. Your system is 32-bit.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
bloopie

#7 Inset irises


Posted 13 July 2013 - 10:21 PM

Hi Bloopie,

My patrol leader has instructed me to deliver my PC to the rebel leader at the computer shop that built it, so I have done that rather than risk her wrath.

Thank you for your help.

Dave



#8 bloopie


Posted 13 July 2013 - 10:44 PM

Hello Dave,
 
Thanks for letting me know, I really appreciate it!! :thumbup2:
 
The help is really my pleasure!! :)
 
Don't be a stranger here at Bleeping Computer either, you'll find this site to be a great wealth of information in many facets of computers...as well as a great place to chat.

 

==========

 

Due to the above information, I will close this topic as resolved, so that we avoid any confusion.

 

Best Regards,

 

bloopie



#9 bloopie


Posted 13 July 2013 - 10:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#10 bloopie


Posted 16 July 2013 - 01:38 PM

This topic has been reopened! :)

Sent via PM:

I got my PC back today before the repair shop closed.

Got it home, powered it up and icons are still missing and I cannot view files on the C drive, which WinDirStat shows are there.

The shop ran ComboFix, MBAM, and a number of others. They said they found Trojans.

I think this sounds like what other folks have used unhide.exe for.

Not sure I can trust the shop, as this tech (not my regular go-to guy) sent me a non-working PC.

Hello again,

Yes, unhide would be a good program to run for the missing files. You can find a fresh download HERE. Run the tool to attempt to unhide all of your files. Hopefully that is successful...if it is not successful, please follow the instructions in my Post #6 of this thread.

 

==========

 

If Unhide was successful, then do the below please:

Since the shop ran ComboFix, could you please tell me if the program is still on your machine? I'd like you to post the log here for me if it's still present. You can find the log at C:\Combofix.txt.

 

==========

 

Please post the ComboFix log if possible in your next reply. Also please let me know how the machine is running now!

 

bloopie



#11 Inset irises


Posted 16 July 2013 - 08:23 PM

Update...PC went back to the shop today.

The shop informed me that there is a very entrenched rootkit virus that is avoiding their tools and custom tools. They are running a "top down CD" (I believe that's what they called it) as a last-ditch effort. They said that they can see the framework of the virus, then it disappears. They said that they will have to reformat the drive if this attempt is not successful.



#12 Inset irises


Posted 16 July 2013 - 08:25 PM

My guess is that the techs cleaned the temp files yesterday before I pointed out yet again my hidden files. Could that be causing their difficulty?



#13 bloopie


Posted 17 July 2013 - 03:43 PM

Hello again,

That's unfortunate. No self-respecting PC repair shop will give you back a PC while it's not in working order, IMO.

My guess is they're just throwing tools at the infection and hoping something will work. They should be trying to identify the malware, and take the necessary steps to remove it.

My guess is that the techs cleaned the temp files yesterday before I pointed out yet again my hidden files. Could that be causing their difficulty?

There's not enough information to tell that. I need to know what the infection is, but I haven't yet seen a single log other than Security Check...which will not show infections.

If you ask me, I'd say get your machine back so that you and I can get it working again. It's infected, and that's my specialty. I doubt the repair shop is very savvy at removing malware, and that's why they're not able to remove it. They're probably just going to reformat it for you.

bloopie

#14 Inset irises


Posted 17 July 2013 - 10:30 PM

I made the mistake of not checking to see if my regular tech was still working there. I don't know if they reformatted or not, but I suspect that they did today while I was at work.

I should have my machine back tomorrow afternoon.

In the interim, I'm having trouble with updating my netbook (see my other post "Acer Netbook").

When I get my machine back, I'd like to have it checked out to make sure they got everything.

Thanks



#15 bloopie


Posted 18 July 2013 - 03:57 PM

Hello again,
 
If the repair shop reformats your hard disk, there shouldn't be a need to check for malware, but I'll check it for you anyway when you get it back if you'd like. :wink:
 
==========
 
About your other topic, that's not my area of expertise and I'm not sure what the cause could be...
 
But it might not be a bad idea to post a log from Farbar Service Scanner in that topic, only to see if your Windows Update registry keys are all accounted for. Maybe also run the System File Checker if you have your original installation disc to make sure all necessary system files are all present and in good shape. That's just what I'd personally start with, but there's nothing wrong with .X.'s advice either.
 
bloopie
